- name: Install pre-reqs
  package:
    name: '{{ item }}'
    state: present
  loop:
    - apt-transport-https
    - software-properties-common

- name: Ensure server directory
  file:
    state: directory
    path: /etc/openafs/server
    owner: root
    group: root
    mode: 0755

- name: Copy configuration files
  copy:
    src: '{{ item }}'
    dest: '/etc/openafs/server'
    owner: root
    group: root
    mode: 0644
  loop:
    - CellServDB
    - ThisCell
    - UserList

- name: Install rxkad.keytab
  shell: 'echo "{{ openafs_server_rxkad_keytab }}" | base64 -d > /etc/openafs/server/rxkad.keytab'
  args:
    creates: '/etc/openafs/server/rxkad.keytab'
  no_log: True

- name: Ensure permissions rxkad.keytab
  file:
    path: '/etc/openafs/server/rxkad.keytab'
    owner: root
    group: root
    mode: '0400'

# This is generated by aconvert from rxkad.keytab; or if we ever need
# to regenerate everything see asetkey(8) man page, which creates this
# from a keytab.  It's used by openafs 1.8 instead of keytabs to
# reduce kerberos library dependencies or some such.
- name: Install KeyfileExt
  shell: 'echo "{{ openafs_server_keyfileext }}" | base64 -d > /etc/openafs/server/KeyFileExt'
  args:
    creates: '/etc/openafs/server/KeyFileExt'
  no_log: True

- name: Ensure permissions on KeyFileExt
  file:
    path: '/etc/openafs/server/KeyFileExt'
    owner: root
    group: root
    mode: '0400'

- name: Install openstackci openafs PPA
  apt_repository:
    repo: 'ppa:openstack-ci-core/openafs'

- name: Install kernel headers dependency
  package:
    name:
      - linux-headers-{{ ansible_kernel }}
    state: present
  become: yes

# NOTE(ianw) : Need to do this first and separately so that the
# modules are ready for the openafs server/client package to start.
# Avoid recommends because that drags in the client, which can't start
# without the modules which are building in this step (we do it next)
- name: Install openafs kernel modules
  apt:
    name: openafs-modules-dkms
    state: latest
    install_recommends: no